drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Truncated history

Browse Source
This commit is contained in:
bol-van
2024-10-28 09:32:24 +03:00
commit 2aaa2f7cf3
300 changed files with 43184 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
init.d/macos/custom.d.examples/10-inherit-tpws Normal file
View File

@@ -0,0 +1,18 @@
# this custom script applies tpws mode as it would be with MODE=tpws
OVERRIDE=tpws
zapret_custom_daemons()
{
# $1 - 1 - run, 0 - stop
MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
}
zapret_custom_firewall_v4()
{
MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v4
}
zapret_custom_firewall_v6()
{
MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v6
}

18
init.d/macos/custom.d.examples/10-inherit-tpws-socks Normal file
View File

@@ -0,0 +1,18 @@
# this custom script applies tpws-socks mode as it would be with MODE=tpws-socks
OVERRIDE=tpws-socks
zapret_custom_daemons()
{
# $1 - 1 - run, 0 - stop
MODE_OVERRIDE=$OVERRIDE zapret_do_daemons $1
}
zapret_custom_firewall_v4()
{
MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v4
}
zapret_custom_firewall_v6()
{
MODE_OVERRIDE=$OVERRIDE pf_anchor_zapret_v6
}

30
init.d/macos/custom.d.examples/50-extra-tpws Normal file
View File

@@ -0,0 +1,30 @@
# this script is an example describing how to run tpws on a custom port
DNUM=100
TPPORT_MY=${TPPORT_MY:-987}
TPWS_OPT_MY=${TPWS_OPT_MY:-987}
TPWS_OPT_SUFFIX_MY="${TPWS_OPT_SUFFIX_MY:-}"
DPORTS_MY=${DPORTS_MY:-20443,20444,30000-30009}
zapret_custom_daemons()
{
# $1 - 1 - run, 0 - stop
local opt="--user=root --port=$TPPORT_MY"
tpws_apply_binds opt
opt="$opt $TPWS_OPT_MY"
filter_apply_hostlist_target opt
filter_apply_suffix opt "$TPWS_OPT_SUFFIX_MY"
do_daemon $1 $DNUM "$TPWS" "$opt"
}
# custom firewall functions echo rules for zapret-v4 and zapret-v6 anchors
# they come after automated table definitions. so you can use <zapret> <zapret6> <zapret-user> ...
zapret_custom_firewall_v4()
{
pf_anchor_zapret_v4_tpws $TPPORT_MY $(replace_char - : $DPORTS_MY)
}
zapret_custom_firewall_v6()
{
pf_anchor_zapret_v6_tpws $TPPORT_MY $(replace_char - : $DPORTS_MY)
}

0
init.d/macos/custom.d/.keep Normal file
View File

211
init.d/macos/functions Normal file
View File

@@ -0,0 +1,211 @@
# init script functions library for macos
ZAPRET_BASE=${ZAPRET_BASE:-/opt/zapret}
ZAPRET_RW=${ZAPRET_RW:-"$ZAPRET_BASE"}
ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
. "$ZAPRET_CONFIG"
. "$ZAPRET_BASE/common/base.sh"
. "$ZAPRET_BASE/common/pf.sh"
. "$ZAPRET_BASE/common/list.sh"
. "$ZAPRET_BASE/common/custom.sh"
CUSTOM_DIR="$ZAPRET_RW/init.d/macos"
IPSET_DIR=$ZAPRET_BASE/ipset
. "$IPSET_DIR/def.sh"
PIDDIR=/var/run
[ -n "$TPPORT" ] || TPPORT=988
[ -n "$WS_USER" ] || WS_USER=daemon
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
TPWS_WAIT_SOCKS6="$TPWS_WAIT --bind-wait-ip-linklocal=30"
[ -n "$TPWS" ] || TPWS="$ZAPRET_BASE/tpws/tpws"
CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/macos/custom"
[ -f "$CUSTOM_SCRIPT" ] && . "$CUSTOM_SCRIPT"
run_daemon()
{
# $1 - daemon number : 1,2,3,...
# $2 - daemon
# $3 - daemon args
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local DAEMONBASE="$(basename "$2")"
local PIDFILE="$PIDDIR/$DAEMONBASE$1.pid"
local ARGS="--daemon --pidfile=$PIDFILE $3"
[ -f "$PIDFILE" ] && pgrep -qF "$PIDFILE" && {
echo Already running $1: $2
return 0
}
echo "Starting daemon $1: $2 $ARGS"
"$2" $ARGS
}
stop_daemon()
{
# $1 - daemon number : 1,2,3,...
# $2 - daemon
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local PID
local DAEMONBASE="$(basename "$2")"
local PIDFILE="$PIDDIR/$DAEMONBASE$1.pid"
[ -f "$PIDFILE" ] && read PID <"$PIDFILE"
[ -n "$PID" ] && {
echo "Stopping daemon $1: $2 (PID=$PID)"
kill $PID
rm -f "$PIDFILE"
}
return 0
}
do_daemon()
{
# $1 - 1 - run, 0 - stop
on_off_function run_daemon stop_daemon "$@"
}
tpws_apply_binds()
{
local o
[ "$DISABLE_IPV4" = "1" ] || o="--bind-addr=127.0.0.1"
[ "$DISABLE_IPV6" = "1" ] || {
for i in lo0 $IFACE_LAN; do
o="$o --bind-iface6=$i --bind-linklocal=force $TPWS_WAIT"
done
}
eval $1="\"\$$1 $o\""
}
tpws_apply_socks_binds()
{
local o
[ "$DISABLE_IPV4" = "1" ] || o="--bind-addr=127.0.0.1"
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-addr=::1"
for lan in $IFACE_LAN; do
[ "$DISABLE_IPV4" = "1" ] || o="$o --bind-iface4=$lan $TPWS_WAIT"
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-iface6=$lan --bind-linklocal=unwanted $TPWS_WAIT_SOCKS6"
done
eval $1="\"\$$1 $o\""
}
wait_interface_ll()
{
echo waiting for an ipv6 link local address on $1 ...
"$TPWS" --bind-wait-only --bind-iface6=$1 --bind-linklocal=force $TPWS_WAIT
}
wait_lan_ll()
{
[ "$DISABLE_IPV6" != "1" ] && {
for lan in $IFACE_LAN; do
wait_interface_ll $lan >&2 || {
echo "wait interface failed on $lan"
return 1
}
done
}
return 0
}
get_ipv6_linklocal()
{
ifconfig $1 | sed -nEe 's/^.*inet6 (fe80:[a-f0-9:]+).*/\1/p'
}
zapret_do_firewall()
{
# $1 - 1 - add, 0 - del
[ "$1" = 1 -a -n "$INIT_FW_PRE_UP_HOOK" ] && $INIT_FW_PRE_UP_HOOK
[ "$1" = 0 -a -n "$INIT_FW_PRE_DOWN_HOOK" ] && $INIT_FW_PRE_DOWN_HOOK
case "${MODE_OVERRIDE:-$MODE}" in
tpws|filter|custom)
if [ "$1" = "1" ] ; then
pf_anchor_root || return 1
pf_anchors_create
pf_anchors_load || return 1
pf_enable
else
pf_anchors_clear
fi
;;
esac
[ "$1" = 1 -a -n "$INIT_FW_POST_UP_HOOK" ] && $INIT_FW_POST_UP_HOOK
[ "$1" = 0 -a -n "$INIT_FW_POST_DOWN_HOOK" ] && $INIT_FW_POST_DOWN_HOOK
return 0
}
zapret_apply_firewall()
{
zapret_do_firewall 1 "$@"
}
zapret_unapply_firewall()
{
zapret_do_firewall 0 "$@"
}
zapret_restart_firewall()
{
zapret_unapply_firewall "$@"
zapret_apply_firewall "$@"
}
zapret_do_daemons()
{
# $1 - 1 - run, 0 - stop
local opt
case "${MODE_OVERRIDE:-$MODE}" in
tpws)
[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
echo "both ipv4 and ipv6 are disabled. nothing to do"
return 0
}
# MacOS requires root. kernel hardcoded requirement for /dev/pf ioctls
opt="--user=root --port=$TPPORT"
tpws_apply_binds opt
opt="$opt $TPWS_OPT"
filter_apply_hostlist_target opt
filter_apply_suffix opt "$TPWS_OPT_SUFFIX"
do_daemon $1 1 "$TPWS" "$opt"
;;
tpws-socks)
[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
echo "both ipv4 and ipv6 are disabled. nothing to do"
return 0
}
opt="--socks --user=$WS_USER --port=$TPPORT"
tpws_apply_socks_binds opt
opt="$opt $TPWS_OPT"
filter_apply_hostlist_target opt
filter_apply_suffix opt "$TPWS_OPT_SUFFIX"
do_daemon $1 1 "$TPWS" "$opt"
;;
filter)
;;
custom)
custom_runner zapret_custom_daemons $1
;;
*)
echo "unsupported MODE=$MODE"
return 1
;;
esac
return 0
}
zapret_run_daemons()
{
zapret_do_daemons 1 "$@"
}
zapret_stop_daemons()
{
zapret_do_daemons 0 "$@"
}
zapret_restart_daemons()
{
zapret_stop_daemons "$@"
zapret_run_daemons "$@"
}

51
init.d/macos/zapret Executable file
View File

@@ -0,0 +1,51 @@
#!/bin/sh
EXEDIR="$(dirname "$0")"
ZAPRET_BASE="$EXEDIR/../.."
ZAPRET_BASE="$(cd "$ZAPRET_BASE"; pwd)"
. "$EXEDIR/functions"
case "$1" in
start)
zapret_run_daemons
[ "$INIT_APPLY_FW" != "1" ] || zapret_apply_firewall
;;
stop)
[ "$INIT_APPLY_FW" != "1" ] || zapret_unapply_firewall
zapret_stop_daemons
;;
restart)
"$0" stop
"$0" start
;;
start-fw|start_fw)
zapret_apply_firewall
;;
stop-fw|stop_fw)
zapret_unapply_firewall
;;
restart-fw|stop_fw)
zapret_restart_firewall
;;
reload-fw-tables|reload_fw_tables)
pf_table_reload
;;
start-daemons|start_daemons)
zapret_run_daemons
;;
stop-daemons|stop_daemons)
zapret_stop_daemons
;;
restart-daemons|restart_daemons)
zapret_restart_daemons
;;
*)
N="$SCRIPT/$NAME"
echo "Usage: $N {start|stop|start-fw|stop-fw|restart-fw|reload-fw-tables|start-daemons|stop-daemons|restart-daemons}" >&2
exit 1
;;
esac

17
init.d/macos/zapret.plist Normal file
View File

@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>zapret</string>
<key>LaunchOnlyOnce</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/opt/zapret/init.d/macos/zapret</string>
<string>start</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>